Systems and methods for providing an integrated identifier

ABSTRACT

Embodiments described herein provide systems and methods to streamline the mechanism by which data users access differently regulated data through the use of one or more integrated identifiers. The integrated identifiers lessen or eliminate the need to separately maintain one set of identifiers for regulated data and another set for non-regulated data. The methods and systems may be applicable in various credit and healthcare contexts where regulations over data use are prevalent. In one or more embodiments, a data user receives a unique integrated identifier for each of the data user&#39;s current or prospective customers, and the integrated identifiers can be used to persistently identify and track the customers over time and across applications that access regulated and/or non-regulated data. In the healthcare context, a healthcare provider may utilize a patient ID as the integrated identifier. To protect privacy, the integrated identifier may not include social security numbers or birthdates.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation application of U.S. application Ser. No. 16/053,698, filed on Aug. 2, 2018, entitled “SYSTEMS AND METHODS FOR PROVIDING AN INTEGRATED IDENTIFIER,” which is a continuation application of U.S. patent application Ser. No. 14/617,062, filed on Feb. 9, 2015, entitled “SYSTEMS AND METHODS FOR PROVIDING AN INTEGRATED IDENTIFIER,” which is a continuation application of U.S. patent application Ser. No. 13/673,918, filed on Nov. 9, 2012, entitled “SYSTEMS AND METHODS FOR PROVIDING AN INTEGRATED IDENTIFIER,” which is a continuation application of U.S. patent application Ser. No. 12/493,115, filed on Jun. 26, 2009, entitled “SYSTEMS AND METHODS FOR PROVIDING AN INTEGRATED IDENTIFIER,” which claims the benefit of priority from U.S. Provisional Patent Application No. 61/076,139 filed on Jun. 26, 2008, entitled “Systems and Methods for Providing an Integrated Identifier.” The entire contents of the above reference applications are hereby expressly incorporated herein by reference in their entirety. All publications and patent applications mentioned in this specification are herein incorporated by reference in their entirety to the same extent as if each individual publication or patent application was specifically and individually indicated to be incorporated by reference.

BACKGROUND Field of the Invention

This disclosure generally relates to data processing, and more particularly to methods and systems for providing an integrated identifier for accessing differently regulated data.

Description of the Related Art

In the United States, the use of personal, credit, and financial data of consumers is regulated by at least the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLB). For example, under the FCRA, credit data may be used under certain permissible purposes, such as for account review purposes when a consumer already has an established account with a financial institution. In the healthcare field, the Health Insurance Portability and Accountability Act (HIPAA) governs the use of patient data. Organizations often need to manage customer or patient data including different types of data governed by different legal requirements, and thus face the challenge of complying with those requirements in the management of differently regulated data. The different legal requirements often lead to the use of parallel and sometimes duplicative data management systems and methods that increase the transfer of private or sensitive data across systems and networks. Besides increasing costs, the increased transfer also leads to increased security risks and exposes those organizations to liability for data privacy breaches.

SUMMARY OF THE DISCLOSURE

Embodiments described herein provide data management systems and methods for accessing, providing, and/or managing differently regulated data. The data management systems and methods may streamline the mechanism by which data users access both regulated and non-regulated data through the use of one or more integrated identifiers. An identifier may be an alphanumeric string and/or a database record key. It may be encrypted or in clear text. In one or more embodiments an identifier does not contain any personally identifiable information. Other embodiments include systems and methods that allow for the integration of a Customer Data Integration (CDI) solution with an account review service through the use of one or more integrated identifiers.

In one embodiment, the integrated identifiers are managed by a reconciliation system that (1) reconciles various identifiers in use in regulated and non-regulated data sources into the single integrated identifiers and (2) resolve the integrated identifiers and translate them back to the various identifiers for accessing regulated and non-regulated data sources. The reconciliation and resolution logic takes into account the potential mismatches in the data records concerning the same individual consumers or businesses, including the various possibilities when there is not a one-to-one correspondence. The reconciliation system accomplishes its tasks while maintaining compliance with various legal requirements concerning regulated data. Therefore, the systems and methods may lessen or eliminate the need to separately maintain one set of identifiers for regulated data and another set for non-regulated data. The methods and systems may be applicable in various credit and healthcare contexts where regulations over data use are prevalent.

In one embodiment, a data user receives a unique integrated data identifier for each of the data user's current or prospective customers, which may be individual consumers or businesses. The integrated data identifiers can be used by the data user to persistently identify and track the customers over time and across software applications. The integrated data identifier can also be accurately and consistently translated within a data provider (such as a credit bureau) to link and deliver corresponding consumer and business data within the varying asset databases and services maintained by the data provider. In the healthcare context, a healthcare provider or an insurer may utilize a patient ID as the integrated identifier. In one or more embodiments, to protect privacy, the integrated identifier does not include personal information such as social security numbers or birthdates.

BRIEF DESCRIPTION OF THE DRAWINGS

Specific embodiments will now be described with reference to the following drawings:

FIG. 1 is a block diagram of an integrated identifier reconciliation system according to one embodiment; and

FIG. 2A is a block diagram showing a system for providing and utilizing integrated identifiers according to one embodiment;

FIG. 2B is a flow diagram showing a method for reconciling integrated identifiers according to one embodiment;

FIG. 2C is a flow diagram showing a method for resolving integrated identifiers according to one embodiment; and

FIG. 3 is a block diagram showing a system for providing and utilizing integrated identifiers in accordance with another embodiment.

DESCRIPTION OF CERTAIN EMBODIMENTS

The terminology used in the description presented herein is not intended to be interpreted in any limited or restrictive manner, simply because it is being utilized in conjunction with a detailed description of certain specific embodiments of the invention. Furthermore, embodiments of the invention may include several novel features, no single one of which is solely responsible for its desirable attributes or which is essential to practicing the inventions described herein.

Various companies store information about their customers in a collection of systems and databases. Customer data integration (“CDI”) solutions, such as Experian's Truvue solution, synchronize records across multiple business units and databases to deliver a more complete, consistent and accurate view of customers over time. One advantage of a CDI solution may be that it can integrate thousands of reliable and verifiable data sources (collectively referred to as “customer data”) into one or more large intelligent reference databases. With links to thousands of contributors of reliable and verifiable data, information may be updated continually. When combined with vast name and address history stored by a credit bureau, these links may give a data user entity that uses the CDI the ability to accurately identify and link comprehensive data to their customers.

Many data users, such as credit card issuers, banks, utility companies, and other commercial entities, for example, need to manage customer data. In addition, these data users often access regulated data such as credit data, sometimes in conjunction with one or more access operations involving non-regulated customer data. For example, a card issuer may wish to use non-regulated customer data for marketing purposes and regulated credit data for processing new credit applications. One difficulty these data users encounter is the divergent methods of access that are needed due to the different regulations restricting the use of certain data. Other data users in fields such as healthcare may also face the same challenge in their data management practices. For example, a healthcare provider or an insurer may face one set of legal requirements with regard to patient data (e.g., HIPPA) and another set of requirements with regard to the use of credit data related to those patients (e.g., FCRA). For example, a pharmacy may need to manage three types of regulated data: medical data, insurance data, and credit data.

Typically the legal requirements limit use of data to certain permissible purposes, and as a result the different legal requirements often lead to the use of parallel and sometimes duplicative data management systems and methods that cannot be cross-referenced. For example, if a credit card company purchased a marketing list (usually non-regulated) containing prospective customers and wished to check the list against its current account holders in a regulated credit database, legal requirements may require the company to assign identifiers to the prospective customers on the marketing list, assign the same identifiers to its list of current account holders, and then compare the two lists. However, according to certain embodiments discussed herein, the credit card company may provide the list of prospective customers to a system that will automatically resolve, in a compliance manner, to the proper integrated identifiers that also correspond to the identifiers used in the regulated credit database.

Embodiments described herein provide data management systems and methods for accessing, providing, and/or managing differently regulated data. The data management systems and methods streamline the mechanism by which data users access both regulated and non-regulated data through the use of one or more integrated identifiers. An identifier may be an alphanumeric string and/or a database record key. It may be encrypted or in clear text. In one or more embodiments an identifier does not contain any personally identifiable information. Other embodiments include systems and methods that allow for the integration of a Customer Data Integration (CDI) solution with an account review service through the use of one or more integrated identifiers. Embodiments may also ensure that the use of these regulated data in the integrated environment is still consistent with the legal requirements concerning use. In one embodiment, the systems and methods are configured to comply with various federal and state legislations.

In addition, the systems and methods may minimize or reduce the need to transfer consumer private data to the data provider, for example, for the purpose of conducting the account review services or other services. The systems and methods may also help identify other service opportunities for improving efficiency and/or quality, as well as other services that can utilize the integrated identifier.

Integrated Identifier

Embodiments employ one or more integrated identifiers for the interface and delivery of multiple products and services derived from various data sources, including but not limited to those from a data provider such as a credit bureau.

In one embodiment, a data user (e.g., a client of the credit bureau or a client of a data provider) can receive a unique integrated identifier for each of the data user's current or prospective customers, which may be a consumer or a business. Other data providers may include insurance companies, healthcare providers, etc. The unique integrated identifiers can be used by the data user to persistently identify and track both regulated and/or non-regulated data associated with its customers over time and across applications. In one embodiment, a credit processing software application may interface with a data provider, such as a credit bureau, that delivers consumer and business data from within the regulated and/or non-regulated databases and services maintained by the data provider. In the healthcare context, a healthcare provider or an insurer may utilize a patient ID as the integrated identifier. In one or more embodiments, to protect privacy, the integrated identifier does not include personal information such as social security numbers or birthdates. In one embodiment, the integrated identifier is from a data provider, and in one embodiment the integrated identifier is from a data user. The integrated identifier may be an existing identifier in either the data user or the data provider's database, or a new identifier.

In one embodiment, existing marketing data services solution infrastructure and/or customer database solutions may be used as a platform for building and maintaining a cross reference between corresponding consumers on a truth database (e.g., Experian Marketing Services' Truth Database) and a credit database maintained by a credit bureau (e.g., Experian's File One Database).

One or more embodiments are configured so that the use of designed integrated identifiers does not change the regulatory status of any of the credit bureau's core asset database(s). In one embodiment, the integrated identifier includes safeguards that will prohibit it from being incorrectly used or referenced within the data provider's and within the data user's systems and applications. In one embodiment used in the credit context, the system prevents the integrated identifier from being used as an alternative identifier for defining a consumer associated with a credit account when reporting account updates to a credit bureau's primary credit database. Instead, updates need to comply with consumer credit reporting standards, such as the “Metro2” standard defined by the Associated Credit Bureaus, Inc (ACB).

Computing System

In some embodiments, the systems, computer clients and/or servers described herein take the form of a computing system as shown in FIG. 1 . FIG. 1 is a block diagram showing an embodiment in which computing system 100 is in communication with a network 160 and various systems are also in communication with the network 160. The computing system 100 may be used to implement systems and methods described herein. For example, the computing system 100 may be configured to receive financial and demographic information regarding individuals and generate reports and/or alerts for one or more clients. Although the description provided herein refers to individuals, consumers, or customers, the terms “individual,” “consumer,” and “customer” should be interpreted to include applicants, or groups of individuals or customers or applicants, such as, for example, married couples or domestic partners, organizations, groups, and business entities.

The computing system 100 includes, for example, a server or personal computer that is IBM, Macintosh, or Linux/Unix compatible. In one embodiment, the computing system 100 comprises a server, a laptop computer, a cell phone, a personal digital assistant, a kiosk, or an audio player, for example. In one embodiment, the exemplary computing system 100 includes one or more central processing unit (“CPU”) 105, which may include a conventional microprocessor. The computing system 100 further includes one or more memory 130, such as random access memory (“RAM”) for temporary storage of information and a read only memory (“ROM”) for permanent storage of information, and a mass storage device 120, such as a hard drive, diskette, or optical media storage device. Typically, the modules of the computing system 100 are connected to the computer using a standard based bus system. In different embodiments, the standard based bus system could be Peripheral Component Interconnect (“PCI”), Microchannel, Small Computer System Interface (“SCSI”), Industrial Standard Architecture (“ISA”) and Extended ISA (“EISA”) architectures, for example. In addition, the functionality provided for in the components and modules of computing system 100 may be combined into fewer components and modules or further separated into additional components and modules.

The computing system 100 is generally controlled and coordinated by operating system software, such as Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Vista, Windows 7, Unix, Linux, SunOS, Solaris, or other compatible operating systems. In Macintosh systems, the operating system may be any available operating system, such as MAC OS X. In other embodiments, the computing system 100 may be controlled by a proprietary operating system. Conventional operating systems control and schedule computer processes for execution, perform memory management, provide file system, networking, I/O services, and provide a user interface, such as a graphical user interface (“GUI”), among other things.

The exemplary computing system 100 includes one or more commonly available input/output (I/O) devices and interfaces 110, such as a keyboard, mouse, touchpad, and printer. In one embodiment, the I/O devices and interfaces 110 include one or more display device, such as a monitor, that allows the visual presentation of data to a user. More particularly, a display device provides for the presentation of GUIs, application software data, and multimedia presentations, for example. The computing system 100 may also include one or more multimedia devices 140, such as speakers, video cards, graphics accelerators, and microphones, for example.

In the embodiment of FIG. 1 , the I/O devices and interfaces 110 provide a communication interface to various external devices. In the embodiment of FIG. 1 , the computing system 100 is electronically coupled to a network 160, which comprises one or more of a LAN, WAN, or the Internet, for example, via a wired, wireless, or combination of wired and wireless, communication link 115. The network 160 communicates with various computing devices and/or other electronic devices via wired or wireless communication links.

According to FIG. 1 , information is provided to computing system 100 over the network 160 from one or more data sources including, for example, credit databases 162. The information supplied by the various data sources may include credit data, demographic data, application information, product terms, accounts receivable data, and financial statements, for example. In addition to the devices that are illustrated in FIG. 1 , the network 160 may communicate with other data sources or other computing devices. In addition, the data sources may include one or more internal and/or external data sources. In some embodiments, one or more of the databases or data sources may be implemented using a relational database, such as Sybase, Oracle, CodeBase and Microsoft® SQL Server as well as other types of data structures such as, for example, a flat file database, an entity-relationship database, and object-oriented database, and/or a record-based database.

In addition to supplying data, client 164 may further request information from the computing system 100. For example, the client 164 may request data related to a consumer or a group of consumers. Such a request may include consumer information identifying the consumer(s) for which information is desired. The client may also provide updates to the one or more databases shown in the figure. For example, the client 164 may send, to the computing system 100, new account information when a customer opens a new credit card account so that one or more credit or non-credit databases reflects the customer's new account.

The I/O devices and interfaces 110 further provide a communication interface to an internal credit database 172. In the embodiment of FIG. 1 , the computing system 100 is coupled to a secured network 161, such as a secured LAN, for example. The system 100 may communicate with the internal credit database 172 through a secured network (not shown), for example. In some embodiments, the internal credit database 172 is configured to communicate with additional computing devices over the network 160 or some other network, such as a LAN, WAN, and/or the Internet via a wired, wireless, or combination of wired and wireless, communication link. In certain embodiments, the client 164 may have access to the internal credit database 172 through the network 160.

In the embodiment of FIG. 1 , the computing system 100 also includes an integrated identifier management module 150 that may be executed by the CPU 105. This module may include, by way of example, components, such as software components, object-oriented software components, class components and task components, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables.

In the embodiment shown in FIG. 1 , the computing system 100 is configured to execute integrated identifier management module 150, among others, in order to reconcile identifiers and personal identification numbers associated with respective customers among the internal credit database 172, credit databases 162, and/or non-credit databases 192. The reconciliation process associate disparate identifiers to one or more integrated identifiers for the same customers, so that different data sources can be accessed with the integrated identifiers. The various reconciliation methods will be further described below. In some embodiments, the integrated identifier management module 150 may be configured to access and/or obtain data from internal credit database 172, credit databases 162, non-credit databases 192, or a combination of internal credit database 172, credit databases 162 and non-credit databases 192.

In general, the word “module,” as used herein, refers to logic embodied in hardware or firmware, or to a collection of software instructions, possibly having entry and exit points, written in a programming language, such as, for example, Java, Lua, C or C++. A software module may be compiled and linked into an executable program, installed in a dynamic link library, or may be written in an interpreted programming language such as, for example, BASIC, Perl, or Python. It will be appreciated that software modules may be callable from other modules or from themselves, and/or may be invoked in response to detected events or interrupts. Software instructions may be embedded in firmware, such as an EPROM. It will be further appreciated that hardware modules may be comprised of connected logic units, such as gates and flip-flops, and/or may be comprised of programmable units, such as programmable gate arrays or processors. The modules described herein are preferably implemented as software modules, but may be represented in hardware or firmware. Generally, the modules described herein refer to logical modules that may be combined with other modules or divided into sub-modules despite their physical organization or storage.

Providing Access to Non-Regulated and Regulated Data Sources

FIG. 2A is a block diagram showing a system for providing and utilizing integrated identifiers according to one embodiment. In the embodiment of FIG. 2A, a data user 200 can access various data sources provided by one or more data provider 250 (e.g., a credit bureau), including non-regulated data 202 and regulated data 246. As depicted in the figure, the data user 200 may operate a Non-Regulated Product Application 210, a Regulated Product Application 236, and/or a Customer Management System 234. The data user 200 may use the integrated identifiers throughout its applications and systems to refer to individuals or businesses, and use the same integrated identifiers to access regulated and non-regulated data provided by the data provider 250. In one or more embodiments, the reconciliation mechanisms employed by the data provider 250 eliminate the need for the data user 200 to maintain separate identifiers for regulated and non-regulated data for the same individuals or businesses.

Non-Regulated Data Sources

In one embodiment, the Non-Regulated Product Application 210 is tasked with accessing non-regulated data. For example, if the data user 200 is a credit card company, the Non-Regulated Product Application 210 may handle the tasks of gathering data to find prospective customers, verifying information relating those prospective customers, and pre-qualifying selected prospective customers for credit card offers. In one or more of these tasks, the Non-Regulated Product Application 210 accesses a Non-Regulated Data Delivery System 212, which serves as an interface to a number of databases containing non-regulated data sources 202 from which data may be accessed, acquired and/or verified. In one or more embodiments, the Non-Regulated Data Delivery System 212 is operated by the data provider 250.

Among non-regulated data sources 202 may be a CDI Consumer Database 216, which may serve as the primary data source for the Non-Regulated Data Delivery System 212 in one embodiment. The CDI Consumer Database 216 may also serve as the primary database in which the data user 200 correlates its customer data with other sources of non-regulated data. In one embodiment, CDI Consumer Database 216 stores a history of data points for the individual consumers identified. The data points may be retrieved from qualified data sources so that the CDI Consumer Database 216 provides consistent and accurate information about consumers. For example, the Non-Regulated Product Application 210 may send information of a prospective customer to the Non-Regulated Data Delivery System 212 to request a lookup of the prospective customer in one or more of the non-regulated data sources 202. The Non-Regulated Data Delivery System 212 may attempt to locate the prospective customer in the CDI Consumer Database 216 using the received information. The Non-Regulated Data Delivery System 212 may then return to the Non-Regulated Product Application 210 the non-regulated data identifier(s) of the matched record(s) within the CDI Consumer Database 216, along with other data from data sources 202 that are associated with the particular prospective customer. In one embodiment, the returned data include the matched record for the customer in the CDI Consumer Database 216, the ID (the identifier) for the matched record in the CDI Consumer Database 216, and/or other associated data records for that customer from other data sources 202. If no matches are found, a new non-regulated data identifier may be assigned and returned to the Non-Regulated Product Application 210. If multiple matches are found, the Identifier Reconciliation System 218 follows a reconciliation process that will be further described in detail below. In one embodiment, Identifier Reconciliation System 218 may be implemented as the computing system 100.

In one embodiment, the returned non-regulated data identifier serves as the integrated identifier through which other applications and systems of the data user 200 may access both regulated and non-regulated data. In some embodiments, the integrated identifiers can also access multiple sources of non-regulated data. In one embodiment, the returned integrated identifiers are saved in a Customer Database 238. In one embodiment, one integrated identifier is returned for each individual customer. With reference to flow chart in FIG. 2B, which is discussed in further detail below, the same returned identifiers are saved in a Non-Regulated Shadow Customer Database 214 in block 260 to facilitate the process of identifier reconciliation. In one embodiment, the Non-Regulated Shadow Customer Database 214 mirrors at least a portion of the records stored in the Customer Database 238 and links the records to the assigned integrated identifiers. An entry in the Non-Regulated Customer Shadow Database 214 may include a pairing of the customer's record in the customer database 238 with the non-regulated identifier that has been returned the customer.

Regulated Data Sources

Embodiments also provide methods and systems that enable data users to access regulated data sources with the identifiers that have been assigned as the integrated identifiers, which may also be used for accessing non-regulated data. In one embodiment, a Regulated Data Delivery System 222 provides an interface for accessing regulated data sources 246. For example, the Regulated Data Delivery System 222 may receive queries from the Regulated Product Application 236 to obtain credit reports for credit applicants. In one or more embodiments, the Regulated Data Delivery System 222 implements one or more rules to ensure that access to the regulated data sources complies with applicable legal requirements.

In one embodiment, the Regulated Product Application 236 may forward to the Regulated Data Delivery System 222 an identifier that has been assigned as the integrated identified and previously returned by the Non-Regulated Data Delivery System 212, along with other query data (e.g., name, Social Security Number) for the retrieval of regulated data. The Regulated Data Delivery System 222, may then access the regulated data sources, locate the records and the associated regulated data identifiers that match the query data, and return them to the Regulated Product Application 236.

FIG. 2B is a flow diagram showing a method for reconciling integrated identifiers according to one embodiment. In the embodiment of FIG. 2B, the lookup process may trigger (1) as shown in block 262, the creation of an entry in the Regulated Customer Shadow Database 248, and (2) as shown in block 274, the creation, within the Identifier Reconciliation System 218, of a linkage between the previously created entry in the Regulated Customer Shadow Database 218 and the corresponding entry in the Regulated Customer Shadow Database 248. In one embodiment, the Regulated Shadow Customer Database 248 mirrors at least a portion of the records stored in the Customer Database 238 and links the records to the located regulated data identifiers. In one embodiment, the linkage is created using a set of reconciliation rules as further described below. An entry in the Regulated Customer Shadow Database 248 may include a pairing of the customer's record in the customer database 238 with the regulated identifier for the customer. In one embodiment, the Regulated Customer Shadow Database 248 and the Non-Regulated Customer Shadow Database 214 may be implemented as distinct tables or data structures within one database.

As shown also by blocks 270 and 272 in FIG. 2B, the process of creating the linkage may occur in a different order if the data user accesses regulated data first and subsequently accesses non-regulated data. In one embodiment, this order is an alternative method of execution to that which is depicted in blocks 260 and 262. In this situation, a lookup of the non-regulated data source may be needed in block 270 to retrieve a non-regulated data identifier and provide it to the data user 200. In another embodiment, blocks 270 and 272 may take place concurrently with blocks 260 and 262, or before or after blocks 260 and 262.

Identifier Reconciliation

In one embodiment, the Identifier Reconciliation System 218 includes the integrated identifier management module 150 (from FIG. 1 ) that reconciles identifiers for regulated and non-regulated data. As described above, the Non-Regulated Shadow Database 214 and the Regulated Shadow Database 248 each keeps a shadow copy of the records in the Customer Database 238 with different identifiers. Hence, data accesses by the data user to various data sources with the integrated identifiers need to be reconciled or resolved properly. In one embodiment, the non-regulated data identifiers are used as the integrated identifiers, which are used in the Customer Database 238 and the Non-Regulated Shadow Database 214. In one embodiment, the regulated data identifiers are used in the Regulated Shadow Database 248.

In one embodiment, the reconciliation module reconciles identifiers for regulated and non-regulated data. In one embodiment, the integrated identifier management module 150 may follow one or more business rules in its reconciliation process. The rules account for the possibility that there may be one-to-one, many-to-one, or many-to-many correspondences between records in non-regulated data sources and those in regulated data sources. The rules may include one or more of the following:

(A) For the condition where a regulated data identifier (e.g., a unique PIN assigned by a credit bureau) is matched to a non-regulated data identifier (which may be used as the integrated identifier as described above), the link between the regulated data identifier and the non-regulated data identifier may be created and maintained in a data linkage table without additional processing.

(B) For the condition where multiple regulated data identifiers are matched to one non-regulated data identifier, the following rules may be used. (1) If the regulated identifiers are deemed indicative of duplicate data records in a regulated database, the Identifier Reconciliation System 218 may initiate an inquiry to the data user to trigger a merge of the multiple duplicative regulated data identifiers in the regulated database. (2) However, if data management mechanism associated with the regulated database does not allow such a merge, then new non-regulated identifiers may be created for each unique regulated data identifier.

(C) For the condition where multiple non-regulated data identifiers are matched to one regulated data identifier, the multiple non-regulated data identifiers may be merged into one inquiry at the CDI Consumer Database 216 in one embodiment and a resolution process is then executed to identify a resulting non-regulated data identifier that will be assigned to the credit data identifier.

(D) For the condition where a non-regulated data identifier does not match any regulated data identifier, an error message may be output for manual research & resolution. In some embodiments, a regulated data identifier may be created for the non-regulated data identifier.

(E) For the condition where a regulated data identifier does not match any non-regulated data identifiers, a new non-regulated data identifier may be created for the individual identified by the regulated data identifier. The non-regulated data identifier may be marked as private data, so that it is visible only to the data user that is requesting the reconciliation.

(F) For the condition where multiple regulated data identifiers match multiple non-regulated data identifiers, in one embodiment, the system is configured to follow the above rules regarding many-to-one correspondences.

It is to be understood that the above rules are implemented in one or more embodiments, for example, in embodiments where FCRA and/or GLB regulated data are used. Other embodiments, such as those in the healthcare context, may use different rules. In addition, the reconciliation rules used in various embodiments of the invention may be updated to ensure continued compliance with changing laws and regulations. In one or more embodiments, the Identifier Reconciliation System 218 is configured to periodically check a data source that provides a set of updated rules. Finally, although the examples above describe regulated and non-regulated data, the integrated identifiers are not so limited may be used to provide access to differently-regulated data, e.g. two or more sources of differently regulated data.

Identifier Resolution

With the linkage in place, the Identifier Reconciliation System 218 provides identifier resolution so that the data user 200 can access both regulated and non-regulated data with the integrated identifier. For example, the data user 200 may operate a Customer Management System 234 that handles tasks such as account creation and account maintenance. The Customer Management System 234 interacts with a Customer Data Update System 232, which manages transactions by also utilizing the Identifier Reconciliation System 218.

FIG. 2C is a flow diagram showing a method for resolving integrated identifiers according to one embodiment. An example of an identifier resolution process is described below with reference to FIG. 2C. Such an example may entail the creation of a new customer account. The Customer Management System 234 may create the new account in the Customer Database 238 with the integrated identifier. Then, in block 278, the Customer Data Update System 232 may receive, from the Customer Management System 234, the new account information along with the integrated identifier associated with the new customer, both of which may be passed to the Identifier Reconciliation System 218. The Identifier Reconciliation System 218 may then look up the appropriate entries in the linkage table in block 280. The lookup may resolve to identifiers usable for either an update to the Non-Regulated Shadow Customer Database 214 and/or the Regulated Shadow Customer Database 248, along with actual updates to the appropriate regulated or non-regulated data sources (blocks 282, 284, 286, and 288).

In one or more embodiments, systems 212, 222, and 232 may be part of the Identifier Reconciliation System 218, which serves as a central access point of any data applications of the data user. In addition, although the examples described above describe accessing data in individual transactions, systems 212, 222, and 232 in one or more embodiments may be configured to support batch processing where data records are processed in accordance with the mechanisms described above in batches.

Description of Other Embodiments Applied to Specific Contexts

FIG. 3 shows an embodiment as applied in the credit context. A data user 300 can access various databases provided by a data provider 350, for example, a credit bureau, including non-regulated data 302 and regulated data 346 through the use of integrated identifiers. Non-regulated data 302 may include CDI data and other related data, while regulated data 346 may include credit data, including credit data used for account review purposes. As depicted in the figure, the data user may operate a Customer Acquisition System 310, which handles the task of acquiring new customers. For example, if the data user is a credit card company, Customer Acquisition System 310 may handle the tasks of gathering data to locate prospective customers, verifying information relating those prospective customers, and qualifying selected prospective customers for credit card offers. In another example, if the data user is a utility company, the Customer Acquisition System 310 may be used to determine a customer's eligibility to receive services. In the healthcare setting, the Customer Acquisition System 310 may be used by a healthcare provider to admit new patients.

In one or more of these tasks, the Customer Acquisition System 310 may access a Consumer Data Delivery System 312, which serves as an interface to a number of databases containing non-regulated data sources 302 from which data may be acquired and/or verified. In one or more embodiments, the Consumer Data Delivery System 312 is operated by the data provider 350.

Non-Regulated Data Sources

Among database sources 302 may be a CDI Consumer Database 316, which may serve as the primary data source for the Consumer Data Delivery System 312. The CDI Consumer Database 316 may also serve as the primary database in which the data user 300 correlates its customer data with other sources of data. For example, as shown in process “A,” the Customer Acquisition System 310 may, upon the receipt of information of for a prospective customer “Customer A” (e.g., name and address), send the received prospective customer information to the Consumer Data Delivery System 312 to request a lookup of “Customer A” in the non-regulated data sources 302. In one embodiment, as shown in process “B,” the Consumer Data Delivery System 312 attempts to locate “Customer A” in the CDI Consumer Database 316 using the received information, and return, to the Customer Acquisition System 310, the customer data ID(s) of the matched record(s) for “Customer A” within the CDI Consumer Database 316, along with other data from data sources 302 that are associated with “Customer A.”

Non-regulated data sources 302 may include a government database such as one managed by the Office of Foreign Assets Control (OFAC) and a fraud database such as the National Fraud Database. For example, if the data user 300 is a credit card company, the returned information from the CDI Consumer Database and/or other related non-regulated data sources may contain information related to the prospective customer that can help the credit card company assess the type of products in which the prospective customer may be interested, and/or whether the prospective customer may be a high fraud risk. In one embodiment, the customer data ID from the CDI Consumer Database 316 is returned to the data user 300 and saved in the customer database 338. The customer data ID for “Customer A” is then used as the integrated identifier to access both regulated and non-regulated information. In the example of “Customer A,” the result may be that he or she becomes pre-approved based on the information received. Both the Non-Regulated Shadow Customer Database 314 and the Customer Database 338 may be updated to reflect that “Customer A” has been pre-approved and that an integrated identifier has been assigned to him or her.

In one or more embodiments, a list of prospective customers may be provided by the Customer Acquisition System 310 to the Consumer Data Delivery System 312, which in turn may locate data records for the list of prospective customers from among the non-regulated data sources 302. In addition, the Consumer Data Delivery System 312 may also query the Non-Regulated Shadow Customer Database 314 to check if any of the prospective customers are already existing customers of the data user 300.

Although a number of modules depicted include the term “consumer,” embodiments provide the same data management capability for data users that manage business customers. Thus, in one or more embodiments, the Consumer Data Delivery System 312 may access a CDI Business Database instead of or in addition to the CDI Consumer Database 316.

Regulated Data Sources

Embodiments also provide methods and systems for data users to access regulated data sources. As shown in process “C,” the Consumer Credit Online System 322 may receive credit queries from the Customer Acquisition System 310. In one embodiment, the Consumer Credit Online System 322 interfaces with regulated data sources 346 such as a Consumer Credit Database 348. Using the “Customer A” example, after receiving a pre-approval notice, “Customer A” may submit a credit application to the data user 300. The Consumer Credit Online System 322 may then receive queries from the Customer Acquisition System 310 to obtain credit reports for “Customer A,” under the permissible purpose of determining credit-worthiness, for example. In the process “D,” “Customer A's” credit reports are obtained from a Consumer Credit Database 348. The retrieved reports are then returned to the data user 300.

The data user 300 may also operate a Customer Management System 334 that handles tasks such as account creation and account maintenance. Tracking along with the example, if the returned credit reports are satisfactory, “Customer A” may be approved for a new account and the Customer Management System 334 may handle the creation of the account. As shown in process “E,” the Customer Management System 334 may send “Customer A's” new account information along with the assigned integrated identifier to a Customer Update System 332, which manages additions and updates in one embodiment via an Identifier Reconciliation System 318. The Customer Management System 334 may forward the integrated identifier in the process “F” to the Identifier Reconciliation System 318, and the identifier reconciliation process as shown in FIG. 2B may be triggered so that the Non-Regulated Shadow Customer Database 314, the Regulated Shadow Customer Database 352, and/or other databases are updated. The Customer Data Update System may also receive updates from the Customer Management System 334 reflecting changes in the Customer Database 338. In one embodiment, the updates are sent with the integrated identifiers, which are resolved in accordance to the resolution process shown in FIGS. 2A and 2C, so that the appropriate shadow databases and/or regulated or non-regulated data sources are updated. In one embodiment, the updates can be processed in by transaction or in a batch mode.

The data user 300 may also operate an Account Review System 336 that forwards customer information along with the integrated identifiers to the counterpart Account Review System 342 of the data provider 350, as shown in process “G.” For example, if the data user 300 is a credit card company, the information may include account numbers. In one embodiment, the account numbers and identifiers are then sent to the Identifier Reconciliation System 318, as shown in process “H.” The Identifier Reconciliation System 318 may then resolve to the proper regulated identifiers based on its linkage table and then access the Consumer Credit Database 348 to obtain data records needed for the account review. The results are then returned to the Account Review System 336.

CONCLUSION

All of the methods described herein may be performed and fully automated by a computer system. The computer system may, in some cases, be composed by multiple distinct computers or computing devices (e.g., physical servers, workstations, storage arrays, etc.) that communicate and interoperate over a network to perform the described functions. Each such computing device typically includes a processor (or multiple processors) that executes program instructions stored in a memory. The results of the disclosed methods may be persistently stored by transforming physical storage devices, such as solid state memory chips and/or magnetic disks, into a different state.

In addition, all of the methods/processes described above may be embodied in, and fully automated via, software code modules executed by one or more general purpose computers. The code module may be stored in any type of computer-readable medium or other computer storage device. Some or all of the methods may alternatively be embodied in specialized computer hardware. As will be apparent, the features, and attributes of the specific embodiments disclosed above may be combined in different ways to form additional embodiments, all of which are fall within the scope of the present disclosure. Although this disclosure has been described in terms of certain preferred embodiments and applications, other embodiments and applications that are apparent to those of ordinary skill in the art, including embodiments which do not provide all of the features and advantages set forth herein, are also within the scope of this disclosure. Accordingly, the scope of the disclosure is intended to be defined only by reference to the appended claims. 

What is claimed is:
 1. A computer-executable method comprising: receiving, by a computing system including one or more computer processors, an integrated data identifier associated with an entity from a data user, wherein the integrated data identifier is linked to a first data identifier and a second data identifier associated with the entity; applying one or more reconciliation rules to reconcile the integrated data identifier with the first data identifier and the integrated data identifier with the second data identifier, wherein the one or more reconciliation rules account for correspondence between data items with different permission levels; accessing, by the computing system, one or more first data items corresponding to the entity in a first data store; accessing, by the computing system, one or more second data items corresponding to the entity in a second data store; and transmitting the one or more first data items and the one or more second data items to the data user; wherein the integrated data identifier provides the data user with access to: the one or more first data items of the entity from the first data store according to a first access rights and without the first data identifier; and the one or more second data items of the entity from the second data store according to a second access rights and without the second data identifier.
 2. The computer-executable method of claim 1, wherein the first data store and the second data store are different.
 3. The computer-executable method of claim 1 further comprising: identifying, by the computing system, the first data identifier and the second data identifier based on the received integrated data identifier.
 4. The computer-executable method of claim 3, wherein the first data identifier and the second data identifier are identified based on the applied one or more reconciliation rules.
 5. The computer-executable method of claim 1, wherein the first data store is associated with a first permission level, and wherein the second data store is associated with a second permission level, and wherein the first permission level is different from the second permission level.
 6. The computer-executable method of claim 1, wherein the one or more first data items comprise regulated data items that are subject to regulations on access.
 7. The computer-executable method of claim 6, wherein the one or more second data items comprise unregulated data items that are not subject to regulations on access.
 8. The computer-executable method of claim 1, wherein the first access rights are associated with the one or more first data items, wherein the second access rights are associated with the one or more second data items, and wherein the first access rights are different from the second access rights.
 9. The computer-executable method of claim 1, wherein at least one of the first access rights and the second access rights include legal restrictions restricting linkage of the one or more first data items with the one or more second data items.
 10. The computer-executable method of claim 1, wherein the entity comprises a person.
 11. The computer-executable method of claim 1, wherein the entity comprises a business.
 12. The computer-executable method of claim 1, wherein the integrated data identifier does not include personally identifiable information of the entity.
 13. A system comprising: a processing unit; a memory in electronic communication with the processing unit; computer-executable instructions stored in the memory, wherein the computer-executable instructions, when executed by the processing unit, cause the processing unit to: receive an integrated data identifier associated with an entity from a data user, wherein the integrated data identifier is linked to a first data identifier and a second data identifier associated with the entity; apply one or more reconciliation rules to reconcile the integrated data identifier with the first data identifier and the integrated data identifier with the second data identifier, wherein the one or more reconciliation rules account for correspondence between data items with different permission levels; access one or more first data items corresponding to the entity in a first data store; access one or more second data items corresponding to the entity in a second data store; and transmit the one or more first data items and the one or more second data items to the data user; wherein the integrated data identifier provides the data user with access to: the one or more first data items of the entity from the first data store according to a first access rights and without the first data identifier; and the one or more second data items of the entity from the second data store according to a second access rights and without the second data identifier.
 14. A computer-executable method for updating user data in databases, the computer-executable method comprising: receiving, by a computing system including one or more computer processors, a request from a data user for data items associated with a second database associated with an entity, the request comprising one or more first data items associated with a first database associated with the entity; determining an integrated data identifier for the entity; linking the integrated data identifier with a first data identifier and a second data identifier, wherein the first data identifier is associated with the first database, and wherein the second data identifier is associated with a second database; based at least in part on the one or more first data items and the integrated data identifier, accessing, from the second database, one or more second data items associated with the entity; transmitting the one or more second data items to the data user; receiving, from the data user, updated information generated based at least in part on the one or more second data items, the updated information comprising a new first data item and a new second data item; associating the integrated data identifier with the new first data item and the new second data item by linking the new first data item and the new second data item with the integrated data identifier.
 15. The computer-executable method of claim 14, wherein the integrated data identifier provides the data user access to the new first data item without using the first data identifier and the new second data item without using the second data identifier.
 16. The computer-executable method of claim 13, wherein the first data store is associated with a first permission level, and wherein the second data store is associated with a second permission level, and wherein the first permission level is different from the second permission level.
 17. The computer-executable method of claim 14, wherein the one or more first data items comprise unregulated data items that are not subject to regulations on access.
 18. The computer-executable method of claim 17, wherein the one or more second data items comprise regulated data items that are subject to regulations on access.
 19. The computer-executable method of claim 14, wherein the entity comprises a person.
 20. The computer-executable method of claim 14, wherein the entity comprises a business. 